Before installing or using any new software at work, always get approval from your IT department. Using unapproved tools can bypass security controls and potentially expose sensitive company data to cyber threats. Sticking to approved applications helps keep systems secure and ensures compliance with company policies.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Be careful when copying and pasting text, especially from documents or emails. Sensitive information like passwords, personal details, or confidential data can accidentally be shared or stored in clipboard history. Always double-check what you’ve copied before pasting it into chats, browsers, or other applications. Staying mindful helps protect your data and your organization’s security. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Cybersecurity experts have found two new malicious software threats: CHILLYHELL and ZynorRAT. CHILLYHELL targets macOS and is designed to secretly control infected devices. It can steal data, crack passwords, and run hidden commands. It connects to a remote server and stays hidden using multiple tricks. This malware was notarized by Apple in 2021, which made it harder to detect, but its certificate has now been revoked. It's believed to be linked to a hacking group active since 2022.

ZynorRAT targets Windows and Linux systems and is controlled through a Telegram bot. It can steal files, take screenshots, run commands, and stay active on the device. It first appeared in July 2025 and may still be under development. It spreads through file-sharing sites and may have been tested by its own creator, possibly a lone hacker.

Simple Safety...

Fitness trackers are great tools for monitoring your health, but because they connect to the internet and handle sensitive personal data, it’s important to prioritize security. Protect your device by using strong, unique passwords, keeping its software and apps up to date, and only connecting to trusted networks. Additionally, regularly review your privacy settings and be cautious about sharing personal health and location information to minimize the risk of unauthorized access or data breaches.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

OTPs secure your accounts and should never be shared. Scammers may pose as tech support or send urgent messages to trick you. If asked for your OTP, refuse and disconnect immediately.

Best Practices:

• Never share OTPs—even with banks or tech support
• Be cautious of urgent or suspicious messages
• Trust your instincts—if it feels wrong, it probably is
• Use app-based authentication over SMS
• Don’t reuse phone numbers or emails for sensitive accounts

“Code it. Use it. Lose it. Never share it.”

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Be cautious about what you see and hear—deepfakes are real. Scammers use AI to create fake videos and voice recordings that look and sound convincing. If a message or media seems unusual or out of character, take the time to verify it through trusted channels. Staying skeptical can help you spot deception before it causes harm. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Malicious software can silently infect your device simply by visiting a malicious website, especially if your browser or plugins are outdated. To protect yourself, always keep your browser and plugins updated, use trusted antivirus software, and avoid suspicious or unknown websites. Following these steps helps safeguard your device from hidden threats and cyberattacks.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Think twice before posting about your job, projects, or workplace on social media or public forums. Cybercriminals can use this information for social engineering or targeted attacks. Even small details can help them build a convincing scam. Protect your organization by keeping sensitive work information private. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Before entering any personal information or passwords, always look for the padlock icon in the address bar and make sure the website uses HTTPS. Be cautious of suspicious links, pop-ups, or unexpected emails, as they may lead to phishing scams. Keeping your browser and operating system up to date helps protect you from the latest online threats.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Cybersecurity experts have discovered a phishing campaign that uses fake voicemail and purchase order emails to spread malicious software called UpCrypter. The emails link to fake websites that look real by using company logos and domains. Victims are tricked into downloading a ZIP file with a hidden script that installs remote access tools, giving hackers full control of the device. The campaign started in August 2025 and mainly targets industries like manufacturing, healthcare, tech, and retail, especially in countries like Austria, India, and Canada. Hackers use smart tricks to avoid detection, such as hiding malicious software in images and avoiding file traces. In a related attack, scammers abused Google Classroom to send over 115,000 phishing emails, redirecting victims to WhatsApp scams. These attacks are part of a growing trend called...